DKIM and Amavis
Mark Martinec
Mark.Martinec+amavis at ijs.si
Tue Mar 6 15:17:37 CET 2012
> Is it possible to handle DKIM via amavis?
Yes, since version 2.6.0, with some improvements in later versions.
> If so, is it possible to sign only SASL authenticated outgoing messages?
> My setup is postfix + Amavis +opendkim.
Signing can be enabled/disabled by a policy bank, so the idea is to let
an MTA route messages which should be signed to a dedicated content
filtering port, where the policy bank can adjust the settings accordingly.
With version 2.7.0 the $enable_dkim_signing can be adjusted
by a policy bank:
- settings $enable_dkim_verification and $enable_dkim_signing are now
dynamic, i.e. became members of policy banks, thus facilitating
selectively enabling or disabling these features on a policy bank basis;
For example:
$enable_dkim_signing = 0;
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
originating => 1,
enable_dkim_signing => 1,
}
With earlier versions the same can be accomplished through
a @dkim_signature_options_bysender_maps setting, which was
always dynamic (i.e. configurable through policy banks).
> If so, is it possible to sign only SASL authenticated outgoing messages?
Btw, even without any special settings, amavisd generates DKIM signatures
only for non-spam messages with $originating flag on, which (depending
on an MTA setup) only applies to authorized mail submission, either
through client's IP address being in @mynetworks, or for authenticated
(e.g. SASL) roaming users.
Mark
More information about the amavis-users
mailing list